This commit fixes the auto-configuration of Spring Session to use
"server.servlet.session.timeout" as a fallback for Servlet-based web
applications only.
Closes gh-23752
Prior to this commit, the `StaticResourceLocation` for favicons would
point to `"/**/favicon.ico"`. This location does not reflect the current
web development landscape, since the png format and size variants are
not supported here. Also, the `"**"` pattern can be costly at runtime
and is deprecated by the new path pattern support in Spring Framework
(see gh-22833).
This commit changes the default locations to `"/favicon.*","/*/icon-*"`,
supporting common use cases such as `"/favicon.ico"`, `"/favicon.png"`
and `"/icons/icon-48x48.png"`.
Closes gh-23126
Update the `AbstractJarWriter` so that it can directly build the layer
index as entries are written. Prior to this commit, a layer tracking
was handled by a decorator class which was broken because it didn't
override enough methods. Since `AbstractJarWriter` has quite a complex
API, it seems sensible to have it handle the layer index directly,
removing the need for a decorator entirely.
Fixes gh-23801
Deprecate and provide alternatives for logging properties that are
specific to Logback.
The following Spring Boot properties have been changed:
* logging.pattern.rolling-file-name ->
logging.logback.rollingpolicy.file-name-pattern
* logging.file.clean-history-on-start ->
logging.logback.rollingpolicy.clean-history-on-start
* logging.file.max-size ->
logging.logback.rollingpolicy.max-file-size
* logging.file.total-size-cap ->
logging.logback.rollingpolicy.total-size-cap
* logging.file.max-history ->
logging.logback.rollingpolicy.max-history
As have the system environment properties that they map to:
* ROLLING_FILE_NAME_PATTERN ->
LOGBACK_ROLLINGPOLICY_FILE_NAME_PATTERN
* LOG_FILE_CLEAN_HISTORY_ON_START ->
LOGBACK_ROLLINGPOLICY_CLEAN_HISTORY_ON_START
* LOG_FILE_MAX_SIZE ->
LOGBACK_ROLLINGPOLICY_MAX_FILE_SIZE
* LOG_FILE_TOTAL_SIZE_CAP ->
LOGBACK_ROLLINGPOLICY_TOTAL_SIZE_CAP
* LOG_FILE_MAX_HISTORY ->
LOGBACK_ROLLINGPOLICY_MAX_HISTORY
This commit also cleans up and simplifies `DefaultLogbackConfiguration`.
Closes gh-23609
Prior to this commit, the how-to documentation would say that Spring
Boot does not support the h2c protocol. While it's not supported
out-of-the-box with a configuration property, this protocol can still be
configured using server customizers.
This commit documents, with code snippets, the server customizers one
should use to configure the h2c protocol in an application - for each
supported server.
Closes gh-21997
Prior to this commit, tests using the `@WebMvcTest` annotation would not
include the `HttpEncodingAutoConfiguration`. This means that, even if
configured, the encoding filter would not be configured in MVC tests,
resulting in an inconsistency with `@SpringBootTest` tests.
This commit ensures that the `HttpEncodingAutoConfiguration` is included
when `@WebMvcTest` is used.
Fixes gh-23749
Previously, when building a layered jar with Maven, dependencies
on modules in the same build were treated the same as any other
dependency, being included in the dependencies or snapshot dependencies
layer based on their version.
This commit updates the default layering when using Maven to include
dependencies on modules in the same build in the application layer by
default. The XML schema has also been updated to allow the layer to be
customized using new <includeModuleDependencies/> and
<excludeModuleDependencies/> elements rather than relying on including
and excluding them via a group:artifact:version pattern.
Closes gh-23463
This commit modifies the logic for finding properties files using
wildcard paths to ignore files if any part of the file path contains
a hidden directory. Hidden directories are common when Kubernetes
mounts config maps onto volumes in a pod, which was causing the same
properties files to be loaded multiple times.
Fixes gh-23160
Remove code from `LogbackLoggingSystem.loadDefaults` that sets Logback
context properties from the Spring Environment. The code should not be
required since `LoggingSystemVariables` will have already set system
variables for the logging config to use.
Closes gh-23767
This commit makes sure to defer registration of hibernate statistics
outside of the singleton lock as it can lead to deadlocks when the
EntityManagerFactory is initialized in deferred mode.
Closes gh-23740
This commit adds support for platform API 0.4 when invoking a CNB
builder in the Maven and Gradle plugins. If the builder advertises
that it supports platform API 0.4 then that version will be
requested when invoking lifecycle phases. Otherwise the plugins
will fall back to requesting platform API 0.3.
Requesting platform API 0.4 when invoking builder lifecycle phases
has the primary benefit of making it easier to pass command-line
arguments to the default process in the generated image.
Fixes gh-23692
This commit polishes the javadoc for Maven plugin classes now that
the plugin reference docs link to the javadoc. Visibility of some
MOJO parameter class getters and setters were also changed for
consistency.
See gh-21555
Previously, the shutdown hook was only registered once refresh has
completed. If the JVM was shut down during refresh (or after refresh
and before the hook was registered) the hook wouldn't run and the
partially refreshed context would not be cleaned up.
This commit moves the registration of the shutdown hook to before
refresh processing begins. This ensures that the hook is available
to clean up the context if the JVM is shutdown while refresh is in
progress.
Fixes gh-23625
This commit modifies the documentation generated for the
Maven plugin to include links to javadoc when Spring
Boot types are mentioned. Some javadoc was also polished
to improve the generated docs.
Fixes gh-21555
Refactor `ConfigData` processing code to make it less awkward to
follow.
Prior to this commit the `ConfigDataLocationResolver` would take a
String location and return a `ConfigDataLocation` instance. This was
a little confusing since sometimes we would refer to `location` as the
String value, and sometimes it would be the typed instance. We also
had nowhere sensible to put the `optional:` prefix logic and we needed
to pass a `boolean` parameter to a number of methods. The recently
introduced `Orgin` support also didn't have a good home.
To solve this, `ConfigDataLocation` has been renamed to
`ConfigDataResource`. This frees up `ConfigDataLocation` to be used
as a richer `location` type that holds the String value, the `Orgin`
and provides a home for the `optional:` logic.
This commit also cleans up a few other areas of the code, including
renaming `ResourceConfigData...` to `StandardConfigData...`. It also
introduces a new exception hierarchy for `ConfigDataNotFoundExceptions`.
Closes gh-23711
Update `SpringApplication` so that `FailureAnalyzers` apply even if
the `ApplicationContext` was not created. If no `ApplicationContext`
is available, only `FailureAnalyzer` instances that do not implement
any `Aware` interfaces are considered.
Closes gh-23710
Previously, when building a layered jar with Gradle, project
dependencies were treated the same as any other dependency, being
included in the dependencies or snapshot dependencies layer based
on their version.
This commit updates the default layering when using Gradle to include
project dependencies in the application layer by default. The DSL has
also been updated to allow their layer to be customized using new
includeProjectDependencies() and excludeProjectDependencies() methods
rather than relying on including and excluding them via a
group:artifact:version pattern.
Closes gh-23431
This commit upgrades to Liquibase 3.10.3 and adds an explicit exclude
check as this version started to include a "banner.txt" at the root of
the classpath. Given it may override a banner configured by the user it
is ignored so that the default banner is displayed.
Users impacted by this change can rename their banner and configure the
"spring.banner.location" property to point to it.
Closes gh-23658
When Kubernetes mounts config maps onto volumes in a pod, it creates
hidden files on the pod filesystem with symbolic links to the
hidden files. The symlinks are named for the user-provided config
map that was mounted, while the hidden files have system-generated
names.
Prior to this commit, the property sources created by the
configtree property source were added to the environment using the
system-generated hidden file name instead of the user-provided
symlink name. This commit corrects that behavior so the property
sources are named as a user would expect.
Fixes gh-23232
The CNB specifications allow builders to support multiple platform
API versions. The supported versions are published in the builder
image metadata as an array of version numbers, while a single
supported version number was published in earlier builder metadata.
These changes read the supported versions from the builder metadata
and fall back to the single version if the array is not present.
A CNB_PLATFORM_API environment variable is set on each lifecycle
phase invocation to request a specific version as recommended in
the CNB platform spec.
Fixes gh-23682
This commit updates the default builder image used by the Maven
and Gradle plugins image-building goal and task to use the latest
Paketo builder image. The builder image is pulled from Docker Hub
instead of Google Container Registry by default.
See gh-23628
This commit adds support for Redis cache metrics. Users can opt-in for
statistics using the "spring.cache.redis.enable-statistics" property.
Closes gh-22701
This commit qualifies examples of configuring the CNB builder to clarify
that the examples apply to use of the default Paketo builder, and adds links
to the official Paketo docs for more details.
Fixes gh-19967
Spring 5.3 introduced the JdbcTransactionManager with exception
translation on commit and rollback. This commit updates the
auto-configuration to use this implementation rather than
DataSourceTransactionManager.
See gh-23672
A docker registry running in testcontainers behaves
differently in CI vs running locally. Disabling the tests for
now while working on getting them running reliably in CI.
See gh-21001
This commit adds options to the Maven and Gradle plugins to publish
to a Docker registry the image generated by the image-building goal
and task.
The Docker registry auth configuration added in an earlier commit
was modified to accept separate auth configs for the builder/run
image and the generated image, since it is likely these images will
be stored in separate registries or repositories with distinct
auth required for each.
Fixes gh-21001
Update all configuration examples in the docs to YAML and make use of
the new `configblocks` spring-asciidoctor-extensions feature to
automatically create both "Properties" and "Yaml" versions.
Closes gh-23515
We generate metadata for `@Endpoint` annotated types so the annotation
processor need to indicate that it supports the endpoint annotation.
See gh-23580
Previously, the configuration property annotation processor declared
that it supported all annotation types. This hurt performance and
prevented incremental builds with Gradle when compiling source code
containing source-retention annotations.
This commit updates its supported annotation types to be only
`@ConfigurationProperties` and `@Configuration`. The latter is declared
to allow binding third-party classes returned from a `@Bean` method.
Fixes gh-23580
Constructor calls like new AtomicInteger(0) cause a volatile write that
can be saved in cases where the constructor parameter is the default
value.
See gh-23575
Previously, JettyEmbeddedErrorHandler would change the method of every
request that is handles to GET. This was being done to work around
Jetty's error handling only dealing with GET, POST, and HEAD requests
by default. It had the unwanted side-effect of causing an error
response to a HEAD request having a body as, from the error handling's
perspective, it was a GET request.
This commit updates JettyEmbeddedErrorHandler to only set the method
on a request for which error handling is being performed if the method
isn't already one that will be handled, leaving the method of GET,
POST, and HEAD requests unchanged.
Unfortunately, short of implementing an HTTP client, this change cannot
be tested as the Apache HttpClient, OkHttp, and the JDK's
HttpURLConnection all silently drop the body of a response to a HEAD
request, preventing a test from asserting that a body hasn't been sent.
Closes gh-23551
Rather than using the extension directly, introduced a dedicated
annotation will enable customization of the compatibility tests that
are run via attributes on the annotation. For example, it will allow
certain test classes to run their tests with Gradle's configuration
cache enabled while others disable it.
Closes gh-23532
Previously the artifact's version was used. In an artifact's version,
SNAPSHOT is replaced with the timestamped version number of a specific
snapshot. As a result, it no longer matches the *:*:*SNAPSHOT pattern.
This commit replaces switches to using the artifact's base version.
This preserves the SNAPSHOT in the version number. For non-snapshot
artifacts, the version and base version are identical.
Fixes gh-23533
Previously, BootJar would resolves all of a project's configurations
when building a layered jar. This was unnecessarily broad as it was
likely to include configurations that had contributed nothing to the
jar's classpath.
This commit replaces the configuration resolution with an afterResolve
action that populates the ResolvedDependencies in response to a
configuration being resolved. This allows the resolved dependencies to
be populated from all of the configurations that were resolved as part
of determining the jars classpath and no more.
Closes gh-23528
Previously, the default servlet was registered automatically when using
embedded Jetty, Tomcat, or Undertow. However, it is not used by the
majority of applications where Spring MVC's DispatcherServlet will be
the only servlet that's needed. As such configuring the default servlet
was wasting CPU and memory.
This commit changes the default for registering the default servlet to
false. It can be re-enabled by setting
server.servlet.register-default-servlet=true.
Closes gh-22915
Prior to this commit, the bootBuildInfo was configured eagerly.
Configuring it lazily prevent this task from being configured when not
explicitly needed. Also, the 'classes' and 'bootJar' tasks are now
lazily configured, as the bootBuildInfo task was causing them to be
configured eagerly.
See gh-23435
This commit makes sure that aliases are only applied when they match
the DataSource being bound. This prevent an alias targetted to a
DataSource to accidently match an unexpected property of another
DataSource.
Closes gh-23480
Previously, we configured embedded Tomcat in such a way that no TLD
scan patterns were configured. This differed from a standalone
Tomcat installation where 4 patterns are configured that take
precedence over some of the skip patterns. The missing scan patterns
resulted in the skip patterns preventing the discovery of Log4j2's
TLDs.
This commit updates TomcatServletWebServerFactory to configure the
same four scan patterns as standalone Tomcat configures by default.
Fixes gh-23302
Previously, the web environment configured on `@SpringBootTest` was not
part of the context cache key. As a result, two test classes that has
identical configuration other than one using a MOCK web environment and
the other using a DEFINED_PORT web environment would share a context
when they should not do so. Classes that use MOCK and RANDOM_PORT were
not affected as the use of RANDOM_PORT results in a property for the
port being added to the environment.
This commit adds a new ContextCustomizer, SpringBootTestWebEnvironment,
that is used to capture the `webEnvironment` from `@SpringBootTest`
and use it in its hashCode and equals implementations. This fixes the
problem as all context customizers are evaluated when determing the
equality of two context cache keys.
Fixes gh-23085
This commit rework the tip on locating templates when running the app
in the IDE. Using classpath* should not change anything as this won't
make a difference without a pattern in the path.
Closes gh-23068
Change the visibility of our own ConfigDataLocationResolver and
ConfigDataLoader classes so that they can be created outside of
`spring.factories`.
Closes gh-23434
Previously LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN were not
consumed as system properties in log4j2.xml and log4j2-file.xml. As a
result, the logging.pattern.level and logging.pattern.dateformat
configuration properties, which are translated into the
LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN system properties
respectively had no effect.
This commit updates the log4j2.xml and log4j2-file.xml config files to
consume LOG_LEVEL_PATTERN and LOG_DATEFORMAT_PATTERN as system
properties. When the system property is not set, the configuation falls
back to the default values specified in the config files. Tests for
both log4j2.xml and log4j2-file.xml to verify the behaviour have also
bean added.
Fixes gh-22983
Previously, all MeterFilter beans were applied to all MeterRegistry
beans. As a result, when a composite registry was auto-configured, both
the composite and all of its delegates would have the same MeterFilters
applied. This made it impossible for one of the delegate registries to
have a locally-configured filter that would allow a meter that would be
denied by one of the MeterFilter beans applied to the composite.
This commit update MeterRegistryConfigurer to skips the auto-configured
composite meter registry when applying MeterFilter beans to
MeterRegistry beans. As a result, the composite's filters will no
longer deny a meter before it reaches a delegate that would have
accepted it due to one of its locally-configured filters.
Closes gh-23381
Introduce a new `LoggingSystemFactory` interface so that the
`LoggingSystem` class can find implementations without needing to
be directly tied to them.
Closes gh-23387
This commit adds the ability to configure the Maven and Gradle
plugins to use a remote Docker daemon using build file
configuration, as an alternative to setting environment variables
to specify remote host connection details.
Fixes gh-23400
Previously, spring.flyway.init-sqls was only applied to Flyway's
configuration if Flyway was being configured to create the DataSource.
If Flyway was being configured to use an existing DataSource, init-sqls
was not applied. This is a hangover from when the init SQLs support was
introduced. At that time, Flyway only supported SQL to initialize the
connection when it was creating the DataSource. Flyway 5.2 added init
SQL support no matter how Flyway's DataSource was configured.
This commit updates FlywayAutoConfiguration to always apply the
init-sqls property to Flyway's configuration. The property's
documentation does not describe the current limitation so this change
should align the behaviour with what the documentation leads people to
expect.
Fixes gh-23392
Refactor `BootstrapRegistry` support following initial prototype work
with the Spring Cloud team.
This update splits the `BootstrapRegistry` API into `BootstrapRegistry`,
`BootstrapContext` and `ConfigurableBootstrapContext` interfaces and
moves it to the same package as `SpringApplication`.
A new `Bootstrapper` interface has been introduced that can be added
to the `SpringApplication` to customize the `BootstrapRegistry` before
it's used.
Closes gh-23326
This commit adds the ability to configure Docker image registry
authentication credentials in the Maven and Gradle plugins. The
authentication credentials are passed to the Docker daemon with
all daemon API calls, and the daemon forwards the credentials to the
image registry when necessary. This makes it possible to use
builder and run images stored in a private Docker registry.
See gh-22972
Rename `@ConfigurationPropertiesImport` to
`@ImportAsConfigurationPropertiesBean` and also refine the registrar
so that it can be used with type directly annotated with
`@ConfigurationProperties`.
Closes gh-23172
Update `JarFileEntries` so that the interface is obtained rather than
the concrete implementation. This allows `JarEntry` values to be used
without causing a ClassCastException.
Closes gh-19041
Update the performance improvements to push certificate loading
and storage into the `JarFileEntries` class. This allows us to
keep certificates without needing to cache all entry data. We
now also keep certificates and code signers in a dedicated class
which is set whenever the full jar stream as been read, even if
the contained values are `null`. The logic that assumes META-INF
entries are not signed has been removed in favor of delegating to
the streamed entry results.
See gh-19041
Update Spring Boot nested JarFile support to improve the performance of
signed jars. Prior to this commit, `certificates` and `codeSigners`
were read by streaming the entire jar whenever the existing values
were `null`. Unfortunately, the contract for `getCertificates` and
get `getCodeSigners` states that `null` is a valid return value. This
meant that full jar streaming would occur whenever either method was
called on an entry that had no result. The problem was further
exacerbated by the fact that entries might not be cached.
See gh-19041
Update `ValidationBindHandler` so that pushed fields that reference
map keys can be used. This fixes a regression that was introduced in
commit 4483f417 when we switched to a `AbstractBindingResult` that no
longer required public getters/setters.
Closes gh-20350
Remove casting "timestamp" to `java.util.Date` in
`ErrorMvcAutoConfiguration` as the cast is not necessary and it
prevents other types (e.g. `java.time`) from being used.
See gh-23256
Prior to this commit, Actuator would sanitize properties values when
serializing them on the dedicated endpoint. Keys like "password" or
"secret" are entirely sanitized, but other keys like "uri" or "address"
are considered as URI types and only the password part of the user info
is sanitized.
This commit fixes the sanitization process where lists of such URI types
would not match the first entries of the list since they're starting
with `'['`. This commit improves the regexp matching process to sanitize
all URIs within a collection.
The documentation is also updated to better underline the processing
difference between complete sanitization and selective sanitization for
URIs.
Fixes gh-23037
Previous to this commit the connection idle timeout and heartbeat
interval were mapped to seconds whereas Cassandra expects ms for all
duration types.
This commit fixes the mapping and removes the default duration unit
since it should be considered ms like every other duration properties.
Closes gh-23249
This commit updates the Gradle Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter are excluded. Unlike the
Maven plugin, jars with a type of annotation-processor are not
excluded. It is not necessary with Gradle as use of the
annotationProcessor configuration for such dependencies already ensures
that they are not included.
See gh-22036
This commit updates the Maven Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter or annotation-processor
are excluded.
See gh-22036
The commit also includes an upgrade to Nimbus JOSE JWT 9.0. Spring
Security requires 9.0 and it is not backwards compatible with 8.19.
Closes gh-23225
Closes gh-23242
Previously, PropertiesLauncher would close each archive that it
iterated over when creating its ClassLoader. This was not aligned
with JarLauncher's behaviour and left the ClassLoader with closed
archives. The close was introduced in [1] and became more apparent
following the change to fail operations on closed archives [2].
This commit updates Launcher to remove the close() that was added in
[1]. This aligns the behavior of PropertiesLauncher with JarLauncher
and ensures that the ClassLoader does not have entries backed by
closed archives on its classpath.
Fixes gh-23165
[1] ad72f86bdb
[2] ed7a5db174
Add repeatable `@ImportConfigurationPropertiesBean` annotation that can
be used to import types and treat them as `@ConfigurationProperties`
beans. This annotation is specifically designed to support third-party
classes that can't contain any Spring annotations.
Closes gh-23172
Prior to this commit, the `WebClientExchangeTags`, when given a request
without a string template, would only get the request path to create the
"uri" tag for metrics. This is inconsistent with the
`RestTemplateExchangeTags`, which are taking the full request URI minus
the protocol+host+port.
This commit aligns the `WebClientExchangeTags` behavior in this case.
Closes gh-22832
This commit deprecates the
`"spring.resources.chain.html-application-cache"` configuration property
and its support, since the feature has been deprecated in Spring
Framework.
The app-cache manifest feature is being removed from browsers in favor
of web workers.
Closes gh-23228
With the introduction of health indicators that only require the
CqlSession, this commit deprecates the health indicators that require
Spring Data since the latter build on top of the former.
Closes gh-23226
ReactiveDataAccessStrategy has been deprecated in Spring Data R2BC in
favor of R2dbcConverter (and StatementMapper and UpdateMapper). When
not using Boot, an R2dbcConverter bean is now defined by
AbstractR2dbcConfiguration. This commit updates
R2dbcDataAutoConfiguration to replace the definition of a
ReactiveDataAccessStrategy bean with the definition of an
R2dbcConverter bean.
See gh-23197
Prior to this commit, Spring Boot would auto-configure both
Elasticsearch variants: `RestClient` ("Low Level" client) and
`RestHighLevelClient` ("High Level" client).
Since one can be derived from the other, this would create complex and
unclear situations depending on what developers provided with their
configuration.
`RestHighLevelClient` is mostly for actual use of the Elasticsearch API,
with support for specific methods and (de)serialization. On the other
hand, `RestClient` is merely wrapping the Apache HTTP client for
load-balancing support and low level HTTP features.
This commit completely removes the support for `RestClient` in Spring
Boot and now requires the presence of the
`org.elasticsearch.client:elasticsearch-rest-high-level-client`
dependency for REST client support with Elasticsearch.
Closes gh-22358
This commit builds on top of gh-22603 and exposes data collected by the
`BufferingApplicationStartup` on a dedicated `"/startup"` Actuator
endpoint.
Closes gh-23213
As of spring-projects/spring-framework#24878, Spring Framework provides
an `ApplicationStartup` infrastructure that applications can use to
collect and track events during the application startup phase.
This commit adds a new `BufferingApplicationStartup` implementation that
buffer `StartupStep`s and tracks their execution time. Once buffered,
these steps can be pushed to an external metrics system or drained
through a web endpoint, to a file...
Closes gh-22603
Andy Wilkinson
Stephane Nicoll
Kedar Joshi
Phillip Webb
Brian Clozel
Pushkaraj S
Gary Russell
Scott Frederick
cdalexndr
izeye
olivier.antoine
dreis2211
Asha Somayajula
Andy Wilkinson
Michal Mlak
Adrien Bennadji
Emily Casey
Marten Deinum
Santhoshkumar. P
tomekl007
Jasmine Howard
mnhock
Thorasine
Madhura Bhave
Shraddha Yeole
ketaki-t
desainidhi99
Fabio Grassi
Lukas Cardot
Rujun Chen
zyc
thorasine
Pavel Gordon
heinz
Sebastiaan Fernandez
姜为
mathieufortin01
lock14
anshlykov
David Good
cbono
Spencer Gibb